The big news this week was that Colombia’s healthcare system was severely disrupted by a ransomware attack on Keralty, one of the country’s largest healthcare providers.
Patients had to wait more than twelve hours for treatment, and people fainted due to lack of medical attention.
The Keralty attack was carried out by the RansomHouse ransomware operation, which claims to have stolen 3TB of data in the attack.
Other news this week includes an increase in attacks by the rebranded Trigona ransomware operation and reports of a new data wiper named CryWiper targeting local government agencies in Russia.
Contributors and those who provided new ransomware information and stories this week include: @BleepinComputer, @LawrenceAbrams, @FourBytes, @demonslay335, @struppigel, @PolarToffee, @serghei, @fwosar, @DanielGallagher, @jorntvdw, @billtoulas, @Seifreed, @VK_Intel, @malwareforme, @malwhunterteam, @Ionut_Ilascu, @kaspersky, @xfalexx, @hyperconnected, @kennethdee, @pcrisk, @pushecx and @BrettCallow.
November 26, 2022
The Ragnar Locker ransomware gang released stolen data from what they thought was the municipality of Zwijndrecht, but it turned out to have been stolen from Zwijndrecht police, a local police unit in Antwerp, Belgium.
November 28, 2022
PCrisk found new variants of Dharma ransomware that add the .just or .CRASH extension to encrypted files.
PCrisk has found new Xorist ransomware variants that add the .ety or .lUUUUUUUUU extensions to encrypted files.
PCrisk has found a new Chaos ransomware variant that adds the .BAD extension and drops a ransom note named read_it.txt.
November 29, 2022
A previously unnamed ransomware has been rebranded as ‘Trigona’, launching a new Tor trading site where they accept Monero as a ransom payment.
November 30, 2022
Multinational healthcare organization Keralty suffered a RansomHouse ransomware attack on Sunday, disrupting the websites and operations of the company and its subsidiaries.
PCrisk has found new STOP ransomware variants that add the .uyro and .uyit extensions.
PCrisk has found a new variant of MedusaLocker that adds the .encrypt extension and drops a ransom note named !-Recovery_Instructions-!.html.
PCrisk has found a new DATAF Locker ransomware that adds the .dataf extension and drops a ransom note named How to restore your files.txt.
December 1, 2022
The FBI and CISA revealed in a new joint security advisory that the Cuba ransomware gang had collected more than $60 million in ransoms as of August 2022 after compromising more than 100 victims worldwide.
Zscaler ThreatLabz has tracked the major ransomware families and their tactics, techniques, and procedures (TTPs), including the BlackBasta ransomware family. On November 16, 2022, ThreatLabz identified new BlackBasta ransomware samples that had significantly lower antivirus detection rates. The latest BlackBasta code has many differences from the original BlackBasta ransomware.
December 2, 2022
A previously undocumented data wiper named CryWiper poses as ransomware, extorting victims to pay for a decryptor, but in reality it simply destroys data beyond recovery.
A Lynnwood, Wash.-based debt collection company was sued for compromising the names and social security information of more than 3.7 million people in an April 2021 data breach.